Thursday, February 12, 2015

This doesn't appear to be correct - Can this really be the BIGGEST cyber challenge facing the Navy??


Vice Admiral Jan E. Tighe is reported to have said that the biggest cyber challenge facing the Navy is the protection of sensitive but unclassified (SBU) information that resides outside of its networks

From this ARTICLE.  Do we need a Task Force SBU?? Is someone aware of which organization is tasked with working to resolve the biggest cyber challenge facing the Navy?

Seems like this would be addressed in the DoD's Risk Management Framework for cyber. 

7 comments:

  1. So you are confused Mike. Situation normal.

    ReplyDelete
  2. SBU data is certainly of concern, but wouldn't make the case for it being the "biggest" challenge facing the Navy unless of course you are making the case that by "biggest" you mean most wide spread.

    Bottom line is that it isn't a cyber problem, but a business framework problem. We as a Service have become so dependant upon contractors to do our work that much of our intellectual capital exists outside of our control...not a cyber problem at heart, but it certainly manifests itself there.

    And haven't ever seen a cyber risk management framework - would be an interesting document to read through though.

    ReplyDelete
  3. "Cyber is an all hands on deck evolution and everyone will have to be a cyber-expert," said Lewis referring to the changing dynamics of the future workforce. "It is fundamental to what we do on ships and for the warfighter. If it has a computer, it will be affected by cyber. The current warfighting environment has changed radically, so we are going to have to change some of our behaviors to remain cyber defendable."

    ReplyDelete
  4. Viz anon above, why? Short of MDU, the ship's weapons computers are stand alone unless engaged in CEC. The fire control systems cannot be directly attacked.

    OK, that was funny. Of course they can now. Cyber warriors made them vulnerable by offering 'software updates' on deployment.

    Yay cyber warriors!

    ReplyDelete
  5. THIS MAY HELP YOUR UNDERSTANDING.

    2. “The nature of the DON mission, accompanied by connectivity and data aggregation issues, has led to the determination that all unclassified information processed by DON information systems is sensitive. Therefore, all DON information systems shall be protected by the continuous employment of appropriate safeguards.”15

    ReplyDelete
  6. Table 2: Sensitive but Unclassified Designations in Use at Selected Federal Agencies

    Designation Agencies using designation

    1 Applied Technology *Department of Energy (DOE)
    2 Attorney-Client Privilege Department of Commerce (Commerce), *DOE
    3 Business Confidential *DOE
    4 Budgetary Information Environmental Protection Agency (EPA)
    5 Census Confidential Commerce
    6 Confidential Information Protection and Statistical Efficiency Act Information (CIPSEA) Social Security Administration (SSA)
    7 Computer Security Act Sensitive Information (CSASI) Department of Health and Human Services (HHS)
    8 Confidential Department of Labor
    9 Confidential Business Information (CBI) Commerce, EPA
    10 Contractor Access Restricted Information (CARI) HHS
    11 Copyrighted Information *DOE
    12 Critical Energy Infrastructure Information (CEII) Federal Energy Regulatory Commission (FERC)
    13 Critical Infrastructure Information Office of Personnel Management (OPM)
    14 DEA Sensitive Department of Justice (DOJ)
    15 DOD Unclassified Controlled Nuclear Information Department of Defense (DOD)
    16 Draft EPA
    17 Export Controlled Information *DOE
    18 For Official Use Only (FOUO) Commerce, DOD, Department of Education, EPA, General Services Administration, HHS, DHS, Department of Housing and Urban Development (HUD), DOJ, Labor, OPM, SSA, and the Department of Transportation (DOT)
    19 For Official Use Only‹Law Enforcement Sensitive DOD
    20 Freedom of Information Act (FOIA) EPA
    21 Government Confidential Commercial Information *DOE
    22 High-Temperature Superconductivity Pilot Center Information *DOE
    23 In Confidence *DOE
    24 Intellectual Property *DOE
    25 Law Enforcement Sensitive Commerce, EPA, DHS, DOJ, HHS, Labor, OPM
    26 Law Enforcement Sensitive/Sensitive DOJ
    27 Limited Distribution Information DOD
    28 Limited Official Use (LOU) DHS, DOJ, Department of Treasury
    29 Medical records EPA
    30 Non-Public Information FERC
    31 Not Available National Technical Information Service Commerce
    32 Official Use Only (OUO) DOE, SSA, Treasury
    33 Operations Security Protected Information (OSPI) HHS
    34 Patent Sensitive Information *DOE
    35 Predecisional Draft *DOE
    36 Privacy Act Information *DOE, EPA
    37 Privacy Act Protected Information (PAPI) HHS
    38 Proprietary Information *DOE, DOJ
    39 Protected Battery Information *DOE
    40 Protected Critical Infrastructure Information (PCII) DHS
    41 Safeguards Information Nuclear Regulatory Commission (NRC)
    42 Select Agent Sensitive Information (SASI) HHS
    43 Sensitive But Unclassified (SBU) Commerce, HHS, NASA, National Science Foundation (NSF), Department of State, U.S. Agency for International Development (USAID)
    44 Sensitive Drinking Water Related Information (SDWRI) EPA
    45 Sensitive Information DOD, U.S. Postal Service (USPS)
    46 Sensitive Instruction SSA
    47 Sensitive Internal Use *DOE
    48 Sensitive Unclassified Non-Safeguards Information NRC
    49 Sensitive Nuclear Technology *DOE
    50 Sensitive Security Information (SSI) DHS, DOT, U.S. Department of Agriculture (USDA)
    51 Sensitive Water Vulnerability Assessment Information EPA
    52 Small Business Innovative Research Information *DOE
    53 Technical Information DOD
    54 Trade Sensitive Information Commerce
    55 Unclassified Controlled Nuclear Information (UCNI) DOE
    56 Unclassified National Security-Related *DOE

    ReplyDelete
  7. Chelsea Manning has your number and stole your data.

    ReplyDelete